FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance
April 18 2024 - 12:30PM
The FreeBSD Foundation, a public charity dedicated to supporting
the FreeBSD operating system, today announced the release of
Version 1 of the FreeBSD Secure Software Development Framework
(SSDF) Attestation for its partner organizations that have
contributed at the Silver level and above.
The SSDF is a key resource for entities working with the US
Government, facilitating compliance with NIST SP 800-218 Section 4e
as recommended by the United States Cybersecurity and
Infrastructure Security Agency (CISA) in consultation with the
General Services Administration (GSA) and the Office of Management
and Budget (OMB). This initiative aligns with the goals of
Executive Order 14028, issued by the Biden Administration in May of
2021, and Memorandum M-22-18, issued in September of 2022, aimed at
enhancing national cybersecurity.
The SSDF Attestation continues the FreeBSD community’s
longstanding commitment to security by providing transparency and
trustworthiness in its software development environment. This move
aligns with the US federal government's recent initiative to
bolster software security.
SSDF is a set of software development practices based on
established secure software development documents from
organizations such as BSA, OWASP, and SAFECode, aiming to reduce
software vulnerabilities in US government software solutions. On
March 18, CISA announced that the Repository for Software
Attestation and Artifacts is now live for software producers who
partner with the federal government to upload their Secure Software
Development Attestation Forms.
First announced by the FreeBSD Foundation in November 2023, the
FreeBSD SSDF Attestation, which conforms to the CISA SSDF
Self-Attestation, includes references and sources that validate the
trustworthiness of the FreeBSD development process, offering
partners and potential collaborators confidence in the community’s
rigorous standards.
“The FreeBSD community is a leader in creating secure,
open-source software that is secure by design and default,” said Ed
Maste, Senior Director of Technology at the FreeBSD Foundation. “We
are proud to release Version 1 of our SSDF Attestation report to
our commercial partners as governments worldwide increasingly
recognize open source’s critical role in innovation and
security.”
“NetApp proudly leverages FreeBSD to deliver high-performance
products that consistently meet our customers’ expectations for
reliability, security, and supportability–including numerous US
military and civilian government agencies,” said Matt Hambrick, Sr.
Director of ONTAP Engineering at NetApp. “As we report to our
Government clients on NetApp’s secure software development
processes and procedures, the FreeBSD SSDF Attestation report is a
valuable and welcomed support to these efforts.”
“Leveraging FreeBSD in our rXg multi-services edge gateway helps
us provide an integrated solution that delivers exceptional
performance, scalability, and security,” said Dr. Simon Lok,
Founder at RG Nets. “The SSDF Attestation from the FreeBSD
Foundation aligns with our commitment to deliver secure and
reliable networking infrastructure. This attestation enhances our
credibility and demonstrates our adherence to rigorous security
standards.”
To learn more about the SSDF Attestation and the advantages of
partnering with the FreeBSD Foundation, interested parties are
encouraged to contact partnerships@freebsdfoundation.org. This
initiative is critical in securing the software development
landscape and reaffirming FreeBSD's dedication to creating a safe
and reliable computing environment.
About the FreeBSD Foundation
The FreeBSD Foundation is a 501(c)(3) non-profit organization
dedicated to supporting the FreeBSD Project and community.
Accepting donations from individuals and businesses, the Foundation
uses funds to develop features, employ software engineers, improve
build and test infrastructure, advocate for FreeBSD through
in-person and online events, and provide training and educational
material. Representing the FreeBSD Project in legal affairs, the
Foundation stands as the recognized entity for contracts, licenses,
and other legal arrangements and is entirely donation supported.
Learn more at freebsdfoundation.org.
Contact
FreeBSD Foundation
partnerships@freebsdfoundation.org